1
2
3
4
5
6
7
8
9
10#include <linux/fs.h>
11#include <linux/list.h>
12#include <linux/gfp.h>
13#include <linux/wait.h>
14#include <linux/net.h>
15#include <linux/delay.h>
16#include <linux/freezer.h>
17#include <linux/tcp.h>
18#include <linux/bvec.h>
19#include <linux/highmem.h>
20#include <linux/uaccess.h>
21#include <asm/processor.h>
22#include <linux/mempool.h>
23#include <linux/sched/signal.h>
24#include "cifspdu.h"
25#include "cifsglob.h"
26#include "cifsproto.h"
27#include "cifs_debug.h"
28#include "smb2proto.h"
29#include "smbdirect.h"
30
31
32#define CIFS_MAX_IOV_SIZE 8
33
34void
35cifs_wake_up_task(struct mid_q_entry *mid)
36{
37 wake_up_process(mid->callback_data);
38}
39
40struct mid_q_entry *
41AllocMidQEntry(const struct smb_hdr *smb_buffer, struct TCP_Server_Info *server)
42{
43 struct mid_q_entry *temp;
44
45 if (server == NULL) {
46 cifs_dbg(VFS, "Null TCP session in AllocMidQEntry\n");
47 return NULL;
48 }
49
50 temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS);
51 memset(temp, 0, sizeof(struct mid_q_entry));
52 kref_init(&temp->refcount);
53 temp->mid = get_mid(smb_buffer);
54 temp->pid = current->pid;
55 temp->command = cpu_to_le16(smb_buffer->Command);
56 cifs_dbg(FYI, "For smb_command %d\n", smb_buffer->Command);
57
58
59 temp->when_alloc = jiffies;
60 temp->server = server;
61
62
63
64
65
66 get_task_struct(current);
67 temp->creator = current;
68 temp->callback = cifs_wake_up_task;
69 temp->callback_data = current;
70
71 atomic_inc(&midCount);
72 temp->mid_state = MID_REQUEST_ALLOCATED;
73 return temp;
74}
75
76static void _cifs_mid_q_entry_release(struct kref *refcount)
77{
78 struct mid_q_entry *midEntry =
79 container_of(refcount, struct mid_q_entry, refcount);
80#ifdef CONFIG_CIFS_STATS2
81 __le16 command = midEntry->server->vals->lock_cmd;
82 __u16 smb_cmd = le16_to_cpu(midEntry->command);
83 unsigned long now;
84 unsigned long roundtrip_time;
85#endif
86 struct TCP_Server_Info *server = midEntry->server;
87
88 if (midEntry->resp_buf && (midEntry->mid_flags & MID_WAIT_CANCELLED) &&
89 midEntry->mid_state == MID_RESPONSE_RECEIVED &&
90 server->ops->handle_cancelled_mid)
91 server->ops->handle_cancelled_mid(midEntry, server);
92
93 midEntry->mid_state = MID_FREE;
94 atomic_dec(&midCount);
95 if (midEntry->large_buf)
96 cifs_buf_release(midEntry->resp_buf);
97 else
98 cifs_small_buf_release(midEntry->resp_buf);
99#ifdef CONFIG_CIFS_STATS2
100 now = jiffies;
101 if (now < midEntry->when_alloc)
102 cifs_server_dbg(VFS, "Invalid mid allocation time\n");
103 roundtrip_time = now - midEntry->when_alloc;
104
105 if (smb_cmd < NUMBER_OF_SMB2_COMMANDS) {
106 if (atomic_read(&server->num_cmds[smb_cmd]) == 0) {
107 server->slowest_cmd[smb_cmd] = roundtrip_time;
108 server->fastest_cmd[smb_cmd] = roundtrip_time;
109 } else {
110 if (server->slowest_cmd[smb_cmd] < roundtrip_time)
111 server->slowest_cmd[smb_cmd] = roundtrip_time;
112 else if (server->fastest_cmd[smb_cmd] > roundtrip_time)
113 server->fastest_cmd[smb_cmd] = roundtrip_time;
114 }
115 cifs_stats_inc(&server->num_cmds[smb_cmd]);
116 server->time_per_cmd[smb_cmd] += roundtrip_time;
117 }
118
119
120
121
122
123
124
125
126
127
128 if ((slow_rsp_threshold != 0) &&
129 time_after(now, midEntry->when_alloc + (slow_rsp_threshold * HZ)) &&
130 (midEntry->command != command)) {
131
132
133
134
135 if (smb_cmd < NUMBER_OF_SMB2_COMMANDS)
136 cifs_stats_inc(&server->smb2slowcmd[smb_cmd]);
137
138 trace_smb3_slow_rsp(smb_cmd, midEntry->mid, midEntry->pid,
139 midEntry->when_sent, midEntry->when_received);
140 if (cifsFYI & CIFS_TIMER) {
141 pr_debug("slow rsp: cmd %d mid %llu",
142 midEntry->command, midEntry->mid);
143 cifs_info("A: 0x%lx S: 0x%lx R: 0x%lx\n",
144 now - midEntry->when_alloc,
145 now - midEntry->when_sent,
146 now - midEntry->when_received);
147 }
148 }
149#endif
150 put_task_struct(midEntry->creator);
151
152 mempool_free(midEntry, cifs_mid_poolp);
153}
154
155void cifs_mid_q_entry_release(struct mid_q_entry *midEntry)
156{
157 spin_lock(&GlobalMid_Lock);
158 kref_put(&midEntry->refcount, _cifs_mid_q_entry_release);
159 spin_unlock(&GlobalMid_Lock);
160}
161
162void DeleteMidQEntry(struct mid_q_entry *midEntry)
163{
164 cifs_mid_q_entry_release(midEntry);
165}
166
167void
168cifs_delete_mid(struct mid_q_entry *mid)
169{
170 spin_lock(&GlobalMid_Lock);
171 if (!(mid->mid_flags & MID_DELETED)) {
172 list_del_init(&mid->qhead);
173 mid->mid_flags |= MID_DELETED;
174 }
175 spin_unlock(&GlobalMid_Lock);
176
177 DeleteMidQEntry(mid);
178}
179
180
181
182
183
184
185
186
187
188
189static int
190smb_send_kvec(struct TCP_Server_Info *server, struct msghdr *smb_msg,
191 size_t *sent)
192{
193 int rc = 0;
194 int retries = 0;
195 struct socket *ssocket = server->ssocket;
196
197 *sent = 0;
198
199 smb_msg->msg_name = (struct sockaddr *) &server->dstaddr;
200 smb_msg->msg_namelen = sizeof(struct sockaddr);
201 smb_msg->msg_control = NULL;
202 smb_msg->msg_controllen = 0;
203 if (server->noblocksnd)
204 smb_msg->msg_flags = MSG_DONTWAIT + MSG_NOSIGNAL;
205 else
206 smb_msg->msg_flags = MSG_NOSIGNAL;
207
208 while (msg_data_left(smb_msg)) {
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227 rc = sock_sendmsg(ssocket, smb_msg);
228 if (rc == -EAGAIN) {
229 retries++;
230 if (retries >= 14 ||
231 (!server->noblocksnd && (retries > 2))) {
232 cifs_server_dbg(VFS, "sends on sock %p stuck for 15 seconds\n",
233 ssocket);
234 return -EAGAIN;
235 }
236 msleep(1 << retries);
237 continue;
238 }
239
240 if (rc < 0)
241 return rc;
242
243 if (rc == 0) {
244
245
246 cifs_server_dbg(VFS, "tcp sent no data\n");
247 msleep(500);
248 continue;
249 }
250
251
252 *sent += rc;
253 retries = 0;
254 }
255 return 0;
256}
257
258unsigned long
259smb_rqst_len(struct TCP_Server_Info *server, struct smb_rqst *rqst)
260{
261 unsigned int i;
262 struct kvec *iov;
263 int nvec;
264 unsigned long buflen = 0;
265
266 if (server->vals->header_preamble_size == 0 &&
267 rqst->rq_nvec >= 2 && rqst->rq_iov[0].iov_len == 4) {
268 iov = &rqst->rq_iov[1];
269 nvec = rqst->rq_nvec - 1;
270 } else {
271 iov = rqst->rq_iov;
272 nvec = rqst->rq_nvec;
273 }
274
275
276 for (i = 0; i < nvec; i++)
277 buflen += iov[i].iov_len;
278
279
280
281
282
283
284
285 if (rqst->rq_npages) {
286 if (rqst->rq_npages == 1)
287 buflen += rqst->rq_tailsz;
288 else {
289
290
291
292
293 buflen += rqst->rq_pagesz * (rqst->rq_npages - 1) -
294 rqst->rq_offset;
295 buflen += rqst->rq_tailsz;
296 }
297 }
298
299 return buflen;
300}
301
302static int
303__smb_send_rqst(struct TCP_Server_Info *server, int num_rqst,
304 struct smb_rqst *rqst)
305{
306 int rc = 0;
307 struct kvec *iov;
308 int n_vec;
309 unsigned int send_length = 0;
310 unsigned int i, j;
311 sigset_t mask, oldmask;
312 size_t total_len = 0, sent, size;
313 struct socket *ssocket = server->ssocket;
314 struct msghdr smb_msg;
315 __be32 rfc1002_marker;
316
317 if (cifs_rdma_enabled(server)) {
318
319 rc = -EAGAIN;
320 if (server->smbd_conn)
321 rc = smbd_send(server, num_rqst, rqst);
322 goto smbd_done;
323 }
324
325 if (ssocket == NULL)
326 return -EAGAIN;
327
328 if (fatal_signal_pending(current)) {
329 cifs_dbg(FYI, "signal pending before send request\n");
330 return -ERESTARTSYS;
331 }
332
333
334 tcp_sock_set_cork(ssocket->sk, true);
335
336 for (j = 0; j < num_rqst; j++)
337 send_length += smb_rqst_len(server, &rqst[j]);
338 rfc1002_marker = cpu_to_be32(send_length);
339
340
341
342
343
344
345
346
347 sigfillset(&mask);
348 sigprocmask(SIG_BLOCK, &mask, &oldmask);
349
350
351 if (server->vals->header_preamble_size == 0) {
352 struct kvec hiov = {
353 .iov_base = &rfc1002_marker,
354 .iov_len = 4
355 };
356 iov_iter_kvec(&smb_msg.msg_iter, WRITE, &hiov, 1, 4);
357 rc = smb_send_kvec(server, &smb_msg, &sent);
358 if (rc < 0)
359 goto unmask;
360
361 total_len += sent;
362 send_length += 4;
363 }
364
365 cifs_dbg(FYI, "Sending smb: smb_len=%u\n", send_length);
366
367 for (j = 0; j < num_rqst; j++) {
368 iov = rqst[j].rq_iov;
369 n_vec = rqst[j].rq_nvec;
370
371 size = 0;
372 for (i = 0; i < n_vec; i++) {
373 dump_smb(iov[i].iov_base, iov[i].iov_len);
374 size += iov[i].iov_len;
375 }
376
377 iov_iter_kvec(&smb_msg.msg_iter, WRITE, iov, n_vec, size);
378
379 rc = smb_send_kvec(server, &smb_msg, &sent);
380 if (rc < 0)
381 goto unmask;
382
383 total_len += sent;
384
385
386 for (i = 0; i < rqst[j].rq_npages; i++) {
387 struct bio_vec bvec;
388
389 bvec.bv_page = rqst[j].rq_pages[i];
390 rqst_page_get_length(&rqst[j], i, &bvec.bv_len,
391 &bvec.bv_offset);
392
393 iov_iter_bvec(&smb_msg.msg_iter, WRITE,
394 &bvec, 1, bvec.bv_len);
395 rc = smb_send_kvec(server, &smb_msg, &sent);
396 if (rc < 0)
397 break;
398
399 total_len += sent;
400 }
401 }
402
403unmask:
404 sigprocmask(SIG_SETMASK, &oldmask, NULL);
405
406
407
408
409
410
411
412
413
414
415
416
417 if (signal_pending(current) && (total_len != send_length)) {
418 cifs_dbg(FYI, "signal is pending after attempt to send\n");
419 rc = -ERESTARTSYS;
420 }
421
422
423 tcp_sock_set_cork(ssocket->sk, false);
424
425 if ((total_len > 0) && (total_len != send_length)) {
426 cifs_dbg(FYI, "partial send (wanted=%u sent=%zu): terminating session\n",
427 send_length, total_len);
428
429
430
431
432
433 cifs_mark_tcp_ses_conns_for_reconnect(server, false);
434 trace_smb3_partial_send_reconnect(server->CurrentMid,
435 server->conn_id, server->hostname);
436 }
437smbd_done:
438 if (rc < 0 && rc != -EINTR)
439 cifs_server_dbg(VFS, "Error %d sending data on socket to server\n",
440 rc);
441 else if (rc > 0)
442 rc = 0;
443
444 return rc;
445}
446
447static int
448smb_send_rqst(struct TCP_Server_Info *server, int num_rqst,
449 struct smb_rqst *rqst, int flags)
450{
451 struct kvec iov;
452 struct smb2_transform_hdr *tr_hdr;
453 struct smb_rqst cur_rqst[MAX_COMPOUND];
454 int rc;
455
456 if (!(flags & CIFS_TRANSFORM_REQ))
457 return __smb_send_rqst(server, num_rqst, rqst);
458
459 if (num_rqst > MAX_COMPOUND - 1)
460 return -ENOMEM;
461
462 if (!server->ops->init_transform_rq) {
463 cifs_server_dbg(VFS, "Encryption requested but transform callback is missing\n");
464 return -EIO;
465 }
466
467 tr_hdr = kmalloc(sizeof(*tr_hdr), GFP_NOFS);
468 if (!tr_hdr)
469 return -ENOMEM;
470
471 memset(&cur_rqst[0], 0, sizeof(cur_rqst));
472 memset(&iov, 0, sizeof(iov));
473 memset(tr_hdr, 0, sizeof(*tr_hdr));
474
475 iov.iov_base = tr_hdr;
476 iov.iov_len = sizeof(*tr_hdr);
477 cur_rqst[0].rq_iov = &iov;
478 cur_rqst[0].rq_nvec = 1;
479
480 rc = server->ops->init_transform_rq(server, num_rqst + 1,
481 &cur_rqst[0], rqst);
482 if (rc)
483 goto out;
484
485 rc = __smb_send_rqst(server, num_rqst + 1, &cur_rqst[0]);
486 smb3_free_compound_rqst(num_rqst, &cur_rqst[1]);
487out:
488 kfree(tr_hdr);
489 return rc;
490}
491
492int
493smb_send(struct TCP_Server_Info *server, struct smb_hdr *smb_buffer,
494 unsigned int smb_buf_length)
495{
496 struct kvec iov[2];
497 struct smb_rqst rqst = { .rq_iov = iov,
498 .rq_nvec = 2 };
499
500 iov[0].iov_base = smb_buffer;
501 iov[0].iov_len = 4;
502 iov[1].iov_base = (char *)smb_buffer + 4;
503 iov[1].iov_len = smb_buf_length;
504
505 return __smb_send_rqst(server, 1, &rqst);
506}
507
508static int
509wait_for_free_credits(struct TCP_Server_Info *server, const int num_credits,
510 const int timeout, const int flags,
511 unsigned int *instance)
512{
513 long rc;
514 int *credits;
515 int optype;
516 long int t;
517 int scredits, in_flight;
518
519 if (timeout < 0)
520 t = MAX_JIFFY_OFFSET;
521 else
522 t = msecs_to_jiffies(timeout);
523
524 optype = flags & CIFS_OP_MASK;
525
526 *instance = 0;
527
528 credits = server->ops->get_credits_field(server, optype);
529
530 if (*credits <= 0 && optype == CIFS_ECHO_OP)
531 return -EAGAIN;
532
533 spin_lock(&server->req_lock);
534 if ((flags & CIFS_TIMEOUT_MASK) == CIFS_NON_BLOCKING) {
535
536 server->in_flight++;
537 if (server->in_flight > server->max_in_flight)
538 server->max_in_flight = server->in_flight;
539 *credits -= 1;
540 *instance = server->reconnect_instance;
541 scredits = *credits;
542 in_flight = server->in_flight;
543 spin_unlock(&server->req_lock);
544
545 trace_smb3_add_credits(server->CurrentMid,
546 server->conn_id, server->hostname, scredits, -1, in_flight);
547 cifs_dbg(FYI, "%s: remove %u credits total=%d\n",
548 __func__, 1, scredits);
549
550 return 0;
551 }
552
553 while (1) {
554 if (*credits < num_credits) {
555 scredits = *credits;
556 spin_unlock(&server->req_lock);
557
558 cifs_num_waiters_inc(server);
559 rc = wait_event_killable_timeout(server->request_q,
560 has_credits(server, credits, num_credits), t);
561 cifs_num_waiters_dec(server);
562 if (!rc) {
563 spin_lock(&server->req_lock);
564 scredits = *credits;
565 in_flight = server->in_flight;
566 spin_unlock(&server->req_lock);
567
568 trace_smb3_credit_timeout(server->CurrentMid,
569 server->conn_id, server->hostname, scredits,
570 num_credits, in_flight);
571 cifs_server_dbg(VFS, "wait timed out after %d ms\n",
572 timeout);
573 return -EBUSY;
574 }
575 if (rc == -ERESTARTSYS)
576 return -ERESTARTSYS;
577 spin_lock(&server->req_lock);
578 } else {
579 spin_unlock(&server->req_lock);
580
581 spin_lock(&cifs_tcp_ses_lock);
582 if (server->tcpStatus == CifsExiting) {
583 spin_unlock(&cifs_tcp_ses_lock);
584 return -ENOENT;
585 }
586 spin_unlock(&cifs_tcp_ses_lock);
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601 spin_lock(&server->req_lock);
602 if (!optype && num_credits == 1 &&
603 server->in_flight > 2 * MAX_COMPOUND &&
604 *credits <= MAX_COMPOUND) {
605 spin_unlock(&server->req_lock);
606
607 cifs_num_waiters_inc(server);
608 rc = wait_event_killable_timeout(
609 server->request_q,
610 has_credits(server, credits,
611 MAX_COMPOUND + 1),
612 t);
613 cifs_num_waiters_dec(server);
614 if (!rc) {
615 spin_lock(&server->req_lock);
616 scredits = *credits;
617 in_flight = server->in_flight;
618 spin_unlock(&server->req_lock);
619
620 trace_smb3_credit_timeout(
621 server->CurrentMid,
622 server->conn_id, server->hostname,
623 scredits, num_credits, in_flight);
624 cifs_server_dbg(VFS, "wait timed out after %d ms\n",
625 timeout);
626 return -EBUSY;
627 }
628 if (rc == -ERESTARTSYS)
629 return -ERESTARTSYS;
630 spin_lock(&server->req_lock);
631 continue;
632 }
633
634
635
636
637
638
639
640 if ((flags & CIFS_TIMEOUT_MASK) != CIFS_BLOCKING_OP) {
641 *credits -= num_credits;
642 server->in_flight += num_credits;
643 if (server->in_flight > server->max_in_flight)
644 server->max_in_flight = server->in_flight;
645 *instance = server->reconnect_instance;
646 }
647 scredits = *credits;
648 in_flight = server->in_flight;
649 spin_unlock(&server->req_lock);
650
651 trace_smb3_add_credits(server->CurrentMid,
652 server->conn_id, server->hostname, scredits,
653 -(num_credits), in_flight);
654 cifs_dbg(FYI, "%s: remove %u credits total=%d\n",
655 __func__, num_credits, scredits);
656 break;
657 }
658 }
659 return 0;
660}
661
662static int
663wait_for_free_request(struct TCP_Server_Info *server, const int flags,
664 unsigned int *instance)
665{
666 return wait_for_free_credits(server, 1, -1, flags,
667 instance);
668}
669
670static int
671wait_for_compound_request(struct TCP_Server_Info *server, int num,
672 const int flags, unsigned int *instance)
673{
674 int *credits;
675 int scredits, in_flight;
676
677 credits = server->ops->get_credits_field(server, flags & CIFS_OP_MASK);
678
679 spin_lock(&server->req_lock);
680 scredits = *credits;
681 in_flight = server->in_flight;
682
683 if (*credits < num) {
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700 if (server->in_flight == 0) {
701 spin_unlock(&server->req_lock);
702 trace_smb3_insufficient_credits(server->CurrentMid,
703 server->conn_id, server->hostname, scredits,
704 num, in_flight);
705 cifs_dbg(FYI, "%s: %d requests in flight, needed %d total=%d\n",
706 __func__, in_flight, num, scredits);
707 return -EDEADLK;
708 }
709 }
710 spin_unlock(&server->req_lock);
711
712 return wait_for_free_credits(server, num, 60000, flags,
713 instance);
714}
715
716int
717cifs_wait_mtu_credits(struct TCP_Server_Info *server, unsigned int size,
718 unsigned int *num, struct cifs_credits *credits)
719{
720 *num = size;
721 credits->value = 0;
722 credits->instance = server->reconnect_instance;
723 return 0;
724}
725
726static int allocate_mid(struct cifs_ses *ses, struct smb_hdr *in_buf,
727 struct mid_q_entry **ppmidQ)
728{
729 spin_lock(&cifs_tcp_ses_lock);
730 if (ses->status == CifsNew) {
731 if ((in_buf->Command != SMB_COM_SESSION_SETUP_ANDX) &&
732 (in_buf->Command != SMB_COM_NEGOTIATE)) {
733 spin_unlock(&cifs_tcp_ses_lock);
734 return -EAGAIN;
735 }
736
737 }
738
739 if (ses->status == CifsExiting) {
740
741 if (in_buf->Command != SMB_COM_LOGOFF_ANDX) {
742 spin_unlock(&cifs_tcp_ses_lock);
743 return -EAGAIN;
744 }
745
746 }
747 spin_unlock(&cifs_tcp_ses_lock);
748
749 *ppmidQ = AllocMidQEntry(in_buf, ses->server);
750 if (*ppmidQ == NULL)
751 return -ENOMEM;
752 spin_lock(&GlobalMid_Lock);
753 list_add_tail(&(*ppmidQ)->qhead, &ses->server->pending_mid_q);
754 spin_unlock(&GlobalMid_Lock);
755 return 0;
756}
757
758static int
759wait_for_response(struct TCP_Server_Info *server, struct mid_q_entry *midQ)
760{
761 int error;
762
763 error = wait_event_freezekillable_unsafe(server->response_q,
764 midQ->mid_state != MID_REQUEST_SUBMITTED);
765 if (error < 0)
766 return -ERESTARTSYS;
767
768 return 0;
769}
770
771struct mid_q_entry *
772cifs_setup_async_request(struct TCP_Server_Info *server, struct smb_rqst *rqst)
773{
774 int rc;
775 struct smb_hdr *hdr = (struct smb_hdr *)rqst->rq_iov[0].iov_base;
776 struct mid_q_entry *mid;
777
778 if (rqst->rq_iov[0].iov_len != 4 ||
779 rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base)
780 return ERR_PTR(-EIO);
781
782
783 if (server->sign)
784 hdr->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
785
786 mid = AllocMidQEntry(hdr, server);
787 if (mid == NULL)
788 return ERR_PTR(-ENOMEM);
789
790 rc = cifs_sign_rqst(rqst, server, &mid->sequence_number);
791 if (rc) {
792 DeleteMidQEntry(mid);
793 return ERR_PTR(rc);
794 }
795
796 return mid;
797}
798
799
800
801
802
803int
804cifs_call_async(struct TCP_Server_Info *server, struct smb_rqst *rqst,
805 mid_receive_t *receive, mid_callback_t *callback,
806 mid_handle_t *handle, void *cbdata, const int flags,
807 const struct cifs_credits *exist_credits)
808{
809 int rc;
810 struct mid_q_entry *mid;
811 struct cifs_credits credits = { .value = 0, .instance = 0 };
812 unsigned int instance;
813 int optype;
814
815 optype = flags & CIFS_OP_MASK;
816
817 if ((flags & CIFS_HAS_CREDITS) == 0) {
818 rc = wait_for_free_request(server, flags, &instance);
819 if (rc)
820 return rc;
821 credits.value = 1;
822 credits.instance = instance;
823 } else
824 instance = exist_credits->instance;
825
826 mutex_lock(&server->srv_mutex);
827
828
829
830
831
832
833 if (instance != server->reconnect_instance) {
834 mutex_unlock(&server->srv_mutex);
835 add_credits_and_wake_if(server, &credits, optype);
836 return -EAGAIN;
837 }
838
839 mid = server->ops->setup_async_request(server, rqst);
840 if (IS_ERR(mid)) {
841 mutex_unlock(&server->srv_mutex);
842 add_credits_and_wake_if(server, &credits, optype);
843 return PTR_ERR(mid);
844 }
845
846 mid->receive = receive;
847 mid->callback = callback;
848 mid->callback_data = cbdata;
849 mid->handle = handle;
850 mid->mid_state = MID_REQUEST_SUBMITTED;
851
852
853 spin_lock(&GlobalMid_Lock);
854 list_add_tail(&mid->qhead, &server->pending_mid_q);
855 spin_unlock(&GlobalMid_Lock);
856
857
858
859
860
861 cifs_save_when_sent(mid);
862 cifs_in_send_inc(server);
863 rc = smb_send_rqst(server, 1, rqst, flags);
864 cifs_in_send_dec(server);
865
866 if (rc < 0) {
867 revert_current_mid(server, mid->credits);
868 server->sequence_number -= 2;
869 cifs_delete_mid(mid);
870 }
871
872 mutex_unlock(&server->srv_mutex);
873
874 if (rc == 0)
875 return 0;
876
877 add_credits_and_wake_if(server, &credits, optype);
878 return rc;
879}
880
881
882
883
884
885
886
887
888
889
890int
891SendReceiveNoRsp(const unsigned int xid, struct cifs_ses *ses,
892 char *in_buf, int flags)
893{
894 int rc;
895 struct kvec iov[1];
896 struct kvec rsp_iov;
897 int resp_buf_type;
898
899 iov[0].iov_base = in_buf;
900 iov[0].iov_len = get_rfc1002_length(in_buf) + 4;
901 flags |= CIFS_NO_RSP_BUF;
902 rc = SendReceive2(xid, ses, iov, 1, &resp_buf_type, flags, &rsp_iov);
903 cifs_dbg(NOISY, "SendRcvNoRsp flags %d rc %d\n", flags, rc);
904
905 return rc;
906}
907
908static int
909cifs_sync_mid_result(struct mid_q_entry *mid, struct TCP_Server_Info *server)
910{
911 int rc = 0;
912
913 cifs_dbg(FYI, "%s: cmd=%d mid=%llu state=%d\n",
914 __func__, le16_to_cpu(mid->command), mid->mid, mid->mid_state);
915
916 spin_lock(&GlobalMid_Lock);
917 switch (mid->mid_state) {
918 case MID_RESPONSE_RECEIVED:
919 spin_unlock(&GlobalMid_Lock);
920 return rc;
921 case MID_RETRY_NEEDED:
922 rc = -EAGAIN;
923 break;
924 case MID_RESPONSE_MALFORMED:
925 rc = -EIO;
926 break;
927 case MID_SHUTDOWN:
928 rc = -EHOSTDOWN;
929 break;
930 default:
931 if (!(mid->mid_flags & MID_DELETED)) {
932 list_del_init(&mid->qhead);
933 mid->mid_flags |= MID_DELETED;
934 }
935 cifs_server_dbg(VFS, "%s: invalid mid state mid=%llu state=%d\n",
936 __func__, mid->mid, mid->mid_state);
937 rc = -EIO;
938 }
939 spin_unlock(&GlobalMid_Lock);
940
941 DeleteMidQEntry(mid);
942 return rc;
943}
944
945static inline int
946send_cancel(struct TCP_Server_Info *server, struct smb_rqst *rqst,
947 struct mid_q_entry *mid)
948{
949 return server->ops->send_cancel ?
950 server->ops->send_cancel(server, rqst, mid) : 0;
951}
952
953int
954cifs_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server,
955 bool log_error)
956{
957 unsigned int len = get_rfc1002_length(mid->resp_buf) + 4;
958
959 dump_smb(mid->resp_buf, min_t(u32, 92, len));
960
961
962 if (server->sign) {
963 struct kvec iov[2];
964 int rc = 0;
965 struct smb_rqst rqst = { .rq_iov = iov,
966 .rq_nvec = 2 };
967
968 iov[0].iov_base = mid->resp_buf;
969 iov[0].iov_len = 4;
970 iov[1].iov_base = (char *)mid->resp_buf + 4;
971 iov[1].iov_len = len - 4;
972
973 rc = cifs_verify_signature(&rqst, server,
974 mid->sequence_number);
975 if (rc)
976 cifs_server_dbg(VFS, "SMB signature verification returned error = %d\n",
977 rc);
978 }
979
980
981 return map_and_check_smb_error(mid, log_error);
982}
983
984struct mid_q_entry *
985cifs_setup_request(struct cifs_ses *ses, struct TCP_Server_Info *ignored,
986 struct smb_rqst *rqst)
987{
988 int rc;
989 struct smb_hdr *hdr = (struct smb_hdr *)rqst->rq_iov[0].iov_base;
990 struct mid_q_entry *mid;
991
992 if (rqst->rq_iov[0].iov_len != 4 ||
993 rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base)
994 return ERR_PTR(-EIO);
995
996 rc = allocate_mid(ses, hdr, &mid);
997 if (rc)
998 return ERR_PTR(rc);
999 rc = cifs_sign_rqst(rqst, ses->server, &mid->sequence_number);
1000 if (rc) {
1001 cifs_delete_mid(mid);
1002 return ERR_PTR(rc);
1003 }
1004 return mid;
1005}
1006
1007static void
1008cifs_compound_callback(struct mid_q_entry *mid)
1009{
1010 struct TCP_Server_Info *server = mid->server;
1011 struct cifs_credits credits;
1012
1013 credits.value = server->ops->get_credits(mid);
1014 credits.instance = server->reconnect_instance;
1015
1016 add_credits(server, &credits, mid->optype);
1017}
1018
1019static void
1020cifs_compound_last_callback(struct mid_q_entry *mid)
1021{
1022 cifs_compound_callback(mid);
1023 cifs_wake_up_task(mid);
1024}
1025
1026static void
1027cifs_cancelled_callback(struct mid_q_entry *mid)
1028{
1029 cifs_compound_callback(mid);
1030 DeleteMidQEntry(mid);
1031}
1032
1033
1034
1035
1036
1037
1038
1039
1040struct TCP_Server_Info *cifs_pick_channel(struct cifs_ses *ses)
1041{
1042 uint index = 0;
1043
1044 if (!ses)
1045 return NULL;
1046
1047
1048 index = (uint)atomic_inc_return(&ses->chan_seq);
1049
1050 spin_lock(&ses->chan_lock);
1051 index %= ses->chan_count;
1052 spin_unlock(&ses->chan_lock);
1053
1054 return ses->chans[index].server;
1055}
1056
1057int
1058compound_send_recv(const unsigned int xid, struct cifs_ses *ses,
1059 struct TCP_Server_Info *server,
1060 const int flags, const int num_rqst, struct smb_rqst *rqst,
1061 int *resp_buf_type, struct kvec *resp_iov)
1062{
1063 int i, j, optype, rc = 0;
1064 struct mid_q_entry *midQ[MAX_COMPOUND];
1065 bool cancelled_mid[MAX_COMPOUND] = {false};
1066 struct cifs_credits credits[MAX_COMPOUND] = {
1067 { .value = 0, .instance = 0 }
1068 };
1069 unsigned int instance;
1070 char *buf;
1071
1072 optype = flags & CIFS_OP_MASK;
1073
1074 for (i = 0; i < num_rqst; i++)
1075 resp_buf_type[i] = CIFS_NO_BUFFER;
1076
1077 if (!ses || !ses->server || !server) {
1078 cifs_dbg(VFS, "Null session\n");
1079 return -EIO;
1080 }
1081
1082 spin_lock(&cifs_tcp_ses_lock);
1083 if (server->tcpStatus == CifsExiting) {
1084 spin_unlock(&cifs_tcp_ses_lock);
1085 return -ENOENT;
1086 }
1087 spin_unlock(&cifs_tcp_ses_lock);
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097 rc = wait_for_compound_request(server, num_rqst, flags,
1098 &instance);
1099 if (rc)
1100 return rc;
1101
1102 for (i = 0; i < num_rqst; i++) {
1103 credits[i].value = 1;
1104 credits[i].instance = instance;
1105 }
1106
1107
1108
1109
1110
1111
1112
1113 mutex_lock(&server->srv_mutex);
1114
1115
1116
1117
1118
1119
1120
1121
1122 if (instance != server->reconnect_instance) {
1123 mutex_unlock(&server->srv_mutex);
1124 for (j = 0; j < num_rqst; j++)
1125 add_credits(server, &credits[j], optype);
1126 return -EAGAIN;
1127 }
1128
1129 for (i = 0; i < num_rqst; i++) {
1130 midQ[i] = server->ops->setup_request(ses, server, &rqst[i]);
1131 if (IS_ERR(midQ[i])) {
1132 revert_current_mid(server, i);
1133 for (j = 0; j < i; j++)
1134 cifs_delete_mid(midQ[j]);
1135 mutex_unlock(&server->srv_mutex);
1136
1137
1138 for (j = 0; j < num_rqst; j++)
1139 add_credits(server, &credits[j], optype);
1140 return PTR_ERR(midQ[i]);
1141 }
1142
1143 midQ[i]->mid_state = MID_REQUEST_SUBMITTED;
1144 midQ[i]->optype = optype;
1145
1146
1147
1148
1149
1150 if (i < num_rqst - 1)
1151 midQ[i]->callback = cifs_compound_callback;
1152 else
1153 midQ[i]->callback = cifs_compound_last_callback;
1154 }
1155 cifs_in_send_inc(server);
1156 rc = smb_send_rqst(server, num_rqst, rqst, flags);
1157 cifs_in_send_dec(server);
1158
1159 for (i = 0; i < num_rqst; i++)
1160 cifs_save_when_sent(midQ[i]);
1161
1162 if (rc < 0) {
1163 revert_current_mid(server, num_rqst);
1164 server->sequence_number -= 2;
1165 }
1166
1167 mutex_unlock(&server->srv_mutex);
1168
1169
1170
1171
1172
1173 if (rc < 0 || (flags & CIFS_NO_SRV_RSP)) {
1174 for (i = 0; i < num_rqst; i++)
1175 add_credits(server, &credits[i], optype);
1176 goto out;
1177 }
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190 spin_lock(&cifs_tcp_ses_lock);
1191 if ((ses->status == CifsNew) || (optype & CIFS_NEG_OP) || (optype & CIFS_SESS_OP)) {
1192 spin_unlock(&cifs_tcp_ses_lock);
1193
1194 mutex_lock(&server->srv_mutex);
1195 smb311_update_preauth_hash(ses, server, rqst[0].rq_iov, rqst[0].rq_nvec);
1196 mutex_unlock(&server->srv_mutex);
1197
1198 spin_lock(&cifs_tcp_ses_lock);
1199 }
1200 spin_unlock(&cifs_tcp_ses_lock);
1201
1202 for (i = 0; i < num_rqst; i++) {
1203 rc = wait_for_response(server, midQ[i]);
1204 if (rc != 0)
1205 break;
1206 }
1207 if (rc != 0) {
1208 for (; i < num_rqst; i++) {
1209 cifs_server_dbg(FYI, "Cancelling wait for mid %llu cmd: %d\n",
1210 midQ[i]->mid, le16_to_cpu(midQ[i]->command));
1211 send_cancel(server, &rqst[i], midQ[i]);
1212 spin_lock(&GlobalMid_Lock);
1213 midQ[i]->mid_flags |= MID_WAIT_CANCELLED;
1214 if (midQ[i]->mid_state == MID_REQUEST_SUBMITTED) {
1215 midQ[i]->callback = cifs_cancelled_callback;
1216 cancelled_mid[i] = true;
1217 credits[i].value = 0;
1218 }
1219 spin_unlock(&GlobalMid_Lock);
1220 }
1221 }
1222
1223 for (i = 0; i < num_rqst; i++) {
1224 if (rc < 0)
1225 goto out;
1226
1227 rc = cifs_sync_mid_result(midQ[i], server);
1228 if (rc != 0) {
1229
1230 cancelled_mid[i] = true;
1231 goto out;
1232 }
1233
1234 if (!midQ[i]->resp_buf ||
1235 midQ[i]->mid_state != MID_RESPONSE_RECEIVED) {
1236 rc = -EIO;
1237 cifs_dbg(FYI, "Bad MID state?\n");
1238 goto out;
1239 }
1240
1241 buf = (char *)midQ[i]->resp_buf;
1242 resp_iov[i].iov_base = buf;
1243 resp_iov[i].iov_len = midQ[i]->resp_buf_size +
1244 server->vals->header_preamble_size;
1245
1246 if (midQ[i]->large_buf)
1247 resp_buf_type[i] = CIFS_LARGE_BUFFER;
1248 else
1249 resp_buf_type[i] = CIFS_SMALL_BUFFER;
1250
1251 rc = server->ops->check_receive(midQ[i], server,
1252 flags & CIFS_LOG_ERROR);
1253
1254
1255 if ((flags & CIFS_NO_RSP_BUF) == 0)
1256 midQ[i]->resp_buf = NULL;
1257
1258 }
1259
1260
1261
1262
1263 spin_lock(&cifs_tcp_ses_lock);
1264 if ((ses->status == CifsNew) || (optype & CIFS_NEG_OP) || (optype & CIFS_SESS_OP)) {
1265 struct kvec iov = {
1266 .iov_base = resp_iov[0].iov_base,
1267 .iov_len = resp_iov[0].iov_len
1268 };
1269 spin_unlock(&cifs_tcp_ses_lock);
1270 mutex_lock(&server->srv_mutex);
1271 smb311_update_preauth_hash(ses, server, &iov, 1);
1272 mutex_unlock(&server->srv_mutex);
1273 spin_lock(&cifs_tcp_ses_lock);
1274 }
1275 spin_unlock(&cifs_tcp_ses_lock);
1276
1277out:
1278
1279
1280
1281
1282
1283
1284 for (i = 0; i < num_rqst; i++) {
1285 if (!cancelled_mid[i])
1286 cifs_delete_mid(midQ[i]);
1287 }
1288
1289 return rc;
1290}
1291
1292int
1293cifs_send_recv(const unsigned int xid, struct cifs_ses *ses,
1294 struct TCP_Server_Info *server,
1295 struct smb_rqst *rqst, int *resp_buf_type, const int flags,
1296 struct kvec *resp_iov)
1297{
1298 return compound_send_recv(xid, ses, server, flags, 1,
1299 rqst, resp_buf_type, resp_iov);
1300}
1301
1302int
1303SendReceive2(const unsigned int xid, struct cifs_ses *ses,
1304 struct kvec *iov, int n_vec, int *resp_buf_type ,
1305 const int flags, struct kvec *resp_iov)
1306{
1307 struct smb_rqst rqst;
1308 struct kvec s_iov[CIFS_MAX_IOV_SIZE], *new_iov;
1309 int rc;
1310
1311 if (n_vec + 1 > CIFS_MAX_IOV_SIZE) {
1312 new_iov = kmalloc_array(n_vec + 1, sizeof(struct kvec),
1313 GFP_KERNEL);
1314 if (!new_iov) {
1315
1316 *resp_buf_type = CIFS_NO_BUFFER;
1317 return -ENOMEM;
1318 }
1319 } else
1320 new_iov = s_iov;
1321
1322
1323 memcpy(new_iov + 1, iov, (sizeof(struct kvec) * n_vec));
1324
1325 new_iov[0].iov_base = new_iov[1].iov_base;
1326 new_iov[0].iov_len = 4;
1327 new_iov[1].iov_base += 4;
1328 new_iov[1].iov_len -= 4;
1329
1330 memset(&rqst, 0, sizeof(struct smb_rqst));
1331 rqst.rq_iov = new_iov;
1332 rqst.rq_nvec = n_vec + 1;
1333
1334 rc = cifs_send_recv(xid, ses, ses->server,
1335 &rqst, resp_buf_type, flags, resp_iov);
1336 if (n_vec + 1 > CIFS_MAX_IOV_SIZE)
1337 kfree(new_iov);
1338 return rc;
1339}
1340
1341int
1342SendReceive(const unsigned int xid, struct cifs_ses *ses,
1343 struct smb_hdr *in_buf, struct smb_hdr *out_buf,
1344 int *pbytes_returned, const int flags)
1345{
1346 int rc = 0;
1347 struct mid_q_entry *midQ;
1348 unsigned int len = be32_to_cpu(in_buf->smb_buf_length);
1349 struct kvec iov = { .iov_base = in_buf, .iov_len = len };
1350 struct smb_rqst rqst = { .rq_iov = &iov, .rq_nvec = 1 };
1351 struct cifs_credits credits = { .value = 1, .instance = 0 };
1352 struct TCP_Server_Info *server;
1353
1354 if (ses == NULL) {
1355 cifs_dbg(VFS, "Null smb session\n");
1356 return -EIO;
1357 }
1358 server = ses->server;
1359 if (server == NULL) {
1360 cifs_dbg(VFS, "Null tcp session\n");
1361 return -EIO;
1362 }
1363
1364 spin_lock(&cifs_tcp_ses_lock);
1365 if (server->tcpStatus == CifsExiting) {
1366 spin_unlock(&cifs_tcp_ses_lock);
1367 return -ENOENT;
1368 }
1369 spin_unlock(&cifs_tcp_ses_lock);
1370
1371
1372
1373
1374
1375 if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
1376 cifs_server_dbg(VFS, "Invalid length, greater than maximum frame, %d\n",
1377 len);
1378 return -EIO;
1379 }
1380
1381 rc = wait_for_free_request(server, flags, &credits.instance);
1382 if (rc)
1383 return rc;
1384
1385
1386
1387
1388
1389 mutex_lock(&server->srv_mutex);
1390
1391 rc = allocate_mid(ses, in_buf, &midQ);
1392 if (rc) {
1393 mutex_unlock(&server->srv_mutex);
1394
1395 add_credits(server, &credits, 0);
1396 return rc;
1397 }
1398
1399 rc = cifs_sign_smb(in_buf, server, &midQ->sequence_number);
1400 if (rc) {
1401 mutex_unlock(&server->srv_mutex);
1402 goto out;
1403 }
1404
1405 midQ->mid_state = MID_REQUEST_SUBMITTED;
1406
1407 cifs_in_send_inc(server);
1408 rc = smb_send(server, in_buf, len);
1409 cifs_in_send_dec(server);
1410 cifs_save_when_sent(midQ);
1411
1412 if (rc < 0)
1413 server->sequence_number -= 2;
1414
1415 mutex_unlock(&server->srv_mutex);
1416
1417 if (rc < 0)
1418 goto out;
1419
1420 rc = wait_for_response(server, midQ);
1421 if (rc != 0) {
1422 send_cancel(server, &rqst, midQ);
1423 spin_lock(&GlobalMid_Lock);
1424 if (midQ->mid_state == MID_REQUEST_SUBMITTED) {
1425
1426 midQ->callback = DeleteMidQEntry;
1427 spin_unlock(&GlobalMid_Lock);
1428 add_credits(server, &credits, 0);
1429 return rc;
1430 }
1431 spin_unlock(&GlobalMid_Lock);
1432 }
1433
1434 rc = cifs_sync_mid_result(midQ, server);
1435 if (rc != 0) {
1436 add_credits(server, &credits, 0);
1437 return rc;
1438 }
1439
1440 if (!midQ->resp_buf || !out_buf ||
1441 midQ->mid_state != MID_RESPONSE_RECEIVED) {
1442 rc = -EIO;
1443 cifs_server_dbg(VFS, "Bad MID state?\n");
1444 goto out;
1445 }
1446
1447 *pbytes_returned = get_rfc1002_length(midQ->resp_buf);
1448 memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4);
1449 rc = cifs_check_receive(midQ, server, 0);
1450out:
1451 cifs_delete_mid(midQ);
1452 add_credits(server, &credits, 0);
1453
1454 return rc;
1455}
1456
1457
1458
1459
1460static int
1461send_lock_cancel(const unsigned int xid, struct cifs_tcon *tcon,
1462 struct smb_hdr *in_buf,
1463 struct smb_hdr *out_buf)
1464{
1465 int bytes_returned;
1466 struct cifs_ses *ses = tcon->ses;
1467 LOCK_REQ *pSMB = (LOCK_REQ *)in_buf;
1468
1469
1470
1471
1472
1473
1474 pSMB->LockType = LOCKING_ANDX_CANCEL_LOCK|LOCKING_ANDX_LARGE_FILES;
1475 pSMB->Timeout = 0;
1476 pSMB->hdr.Mid = get_next_mid(ses->server);
1477
1478 return SendReceive(xid, ses, in_buf, out_buf,
1479 &bytes_returned, 0);
1480}
1481
1482int
1483SendReceiveBlockingLock(const unsigned int xid, struct cifs_tcon *tcon,
1484 struct smb_hdr *in_buf, struct smb_hdr *out_buf,
1485 int *pbytes_returned)
1486{
1487 int rc = 0;
1488 int rstart = 0;
1489 struct mid_q_entry *midQ;
1490 struct cifs_ses *ses;
1491 unsigned int len = be32_to_cpu(in_buf->smb_buf_length);
1492 struct kvec iov = { .iov_base = in_buf, .iov_len = len };
1493 struct smb_rqst rqst = { .rq_iov = &iov, .rq_nvec = 1 };
1494 unsigned int instance;
1495 struct TCP_Server_Info *server;
1496
1497 if (tcon == NULL || tcon->ses == NULL) {
1498 cifs_dbg(VFS, "Null smb session\n");
1499 return -EIO;
1500 }
1501 ses = tcon->ses;
1502 server = ses->server;
1503
1504 if (server == NULL) {
1505 cifs_dbg(VFS, "Null tcp session\n");
1506 return -EIO;
1507 }
1508
1509 spin_lock(&cifs_tcp_ses_lock);
1510 if (server->tcpStatus == CifsExiting) {
1511 spin_unlock(&cifs_tcp_ses_lock);
1512 return -ENOENT;
1513 }
1514 spin_unlock(&cifs_tcp_ses_lock);
1515
1516
1517
1518
1519
1520 if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
1521 cifs_tcon_dbg(VFS, "Invalid length, greater than maximum frame, %d\n",
1522 len);
1523 return -EIO;
1524 }
1525
1526 rc = wait_for_free_request(server, CIFS_BLOCKING_OP, &instance);
1527 if (rc)
1528 return rc;
1529
1530
1531
1532
1533
1534 mutex_lock(&server->srv_mutex);
1535
1536 rc = allocate_mid(ses, in_buf, &midQ);
1537 if (rc) {
1538 mutex_unlock(&server->srv_mutex);
1539 return rc;
1540 }
1541
1542 rc = cifs_sign_smb(in_buf, server, &midQ->sequence_number);
1543 if (rc) {
1544 cifs_delete_mid(midQ);
1545 mutex_unlock(&server->srv_mutex);
1546 return rc;
1547 }
1548
1549 midQ->mid_state = MID_REQUEST_SUBMITTED;
1550 cifs_in_send_inc(server);
1551 rc = smb_send(server, in_buf, len);
1552 cifs_in_send_dec(server);
1553 cifs_save_when_sent(midQ);
1554
1555 if (rc < 0)
1556 server->sequence_number -= 2;
1557
1558 mutex_unlock(&server->srv_mutex);
1559
1560 if (rc < 0) {
1561 cifs_delete_mid(midQ);
1562 return rc;
1563 }
1564
1565
1566 rc = wait_event_interruptible(server->response_q,
1567 (!(midQ->mid_state == MID_REQUEST_SUBMITTED)) ||
1568 ((server->tcpStatus != CifsGood) &&
1569 (server->tcpStatus != CifsNew)));
1570
1571
1572 spin_lock(&cifs_tcp_ses_lock);
1573 if ((rc == -ERESTARTSYS) &&
1574 (midQ->mid_state == MID_REQUEST_SUBMITTED) &&
1575 ((server->tcpStatus == CifsGood) ||
1576 (server->tcpStatus == CifsNew))) {
1577 spin_unlock(&cifs_tcp_ses_lock);
1578
1579 if (in_buf->Command == SMB_COM_TRANSACTION2) {
1580
1581
1582 rc = send_cancel(server, &rqst, midQ);
1583 if (rc) {
1584 cifs_delete_mid(midQ);
1585 return rc;
1586 }
1587 } else {
1588
1589
1590
1591 rc = send_lock_cancel(xid, tcon, in_buf, out_buf);
1592
1593
1594
1595 if (rc && rc != -ENOLCK) {
1596 cifs_delete_mid(midQ);
1597 return rc;
1598 }
1599 }
1600
1601 rc = wait_for_response(server, midQ);
1602 if (rc) {
1603 send_cancel(server, &rqst, midQ);
1604 spin_lock(&GlobalMid_Lock);
1605 if (midQ->mid_state == MID_REQUEST_SUBMITTED) {
1606
1607 midQ->callback = DeleteMidQEntry;
1608 spin_unlock(&GlobalMid_Lock);
1609 return rc;
1610 }
1611 spin_unlock(&GlobalMid_Lock);
1612 }
1613
1614
1615 rstart = 1;
1616 spin_lock(&cifs_tcp_ses_lock);
1617 }
1618 spin_unlock(&cifs_tcp_ses_lock);
1619
1620 rc = cifs_sync_mid_result(midQ, server);
1621 if (rc != 0)
1622 return rc;
1623
1624
1625 if (out_buf == NULL || midQ->mid_state != MID_RESPONSE_RECEIVED) {
1626 rc = -EIO;
1627 cifs_tcon_dbg(VFS, "Bad MID state?\n");
1628 goto out;
1629 }
1630
1631 *pbytes_returned = get_rfc1002_length(midQ->resp_buf);
1632 memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4);
1633 rc = cifs_check_receive(midQ, server, 0);
1634out:
1635 cifs_delete_mid(midQ);
1636 if (rstart && rc == -EACCES)
1637 return -ERESTARTSYS;
1638 return rc;
1639}
1640
